Skip to content

Latest commit

 

History

History

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 

Approov Token Binding Integration Example

This Approov integration example is from where the code example for the Approov token binding check quickstart is extracted, and you can use it as a playground to better understand how simple and easy it is to implement Approov in a Python FastAPI server.

TOC - Table of Contents

Why?

To lock down your API server to your mobile app. Please read the brief summary in the Approov Overview at the root of this repo or visit our website for more details.

TOC

How it works?

The Python FastAPI server is very simple and is defined in the file src/approov-protected-server/token-check/hello-server-protected.py. Take a look at the verifyApproovToken() and verifyApproovTokenBinding() functions to see the simple code for the checks.

For more background on Approov, see the Approov Overview at the root of this repo.

TOC

Requirements

To run this example you will need to have installed:

TOC

Setup Env File

From /src/approov-protected-server/token-binding-check execute the following:

cp .env.example .env

Edit the .env file and add the dummy secret to it in order to be able to test the Approov integration with the provided Postman collection.

TOC

Try the Approov Integration Example

First, you need to set the dummy secret in the src/approov-protected-server/token-check/.env file as explained here.

Second, you need to install the dependencies. From the src/approov-protected-server/token-check folder execute:

virtualenv venv
source venv/bin/activate
pip3 install -r requirements.txt

Now, you can run this example from the src/approov-protected-server/token-check folder with:

uvicorn hello-server-protected:app --reload --port 8002

NOTE: If using python from inside a docker container add the option --host 0.0.0.0

Next, you can test that it works with:

curl -iX GET 'http://localhost:8002'

The response will be a 401 unauthorized request:

HTTP/1.1 401 Unauthorized
date: Fri, 18 Mar 2022 18:01:01 GMT
server: uvicorn
content-length: 2
content-type: application/json

{}

The reason you got a 401 is because no Approoov token is provided in the headers of the request.

Finally, you can test that the Approov integration example works as expected with this Postman collection or with some cURL requests examples.

TOC

Issues

If you find any issue while following our instructions then just report it here, with the steps to reproduce it, and we will sort it out and/or guide you to the correct path.

TOC

Useful Links

If you wish to explore the Approov solution in more depth, then why not try one of the following links as a jumping off point:

TOC